From ed5275c237394ddc99bf1cd6b9154a18147b3484 Mon Sep 17 00:00:00 2001
From: Cizz22
Date: Tue, 24 Feb 2026 12:13:10 +0700
Subject: [PATCH] feat: Configure Aeros license retrieval from Vault, falling back to environment variables defined in the new `.env.example`.
---
 .env.example | 35 +++++++++++++++++++++++++++++++++++
 src/aeros_utils.py | 32 ++++++++++++++++++++++++--------
 src/config.py | 12 ++++++------
 3 files changed, 65 insertions(+), 14 deletions(-)
diff --git a/.env.example b/.env.example
index e69de29..313f871 100644
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,35 @@
+LOG_LEVEL=INFO
+ENV=local
+PORT=8000
+HOST=localhost
+
+# Database
+DATABASE_HOSTNAME=localhost
+DATABASE_CREDENTIAL_USER=user
+DATABASE_CREDENTIAL_PASSWORD=password
+DATABASE_NAME=digital_twin
+DATABASE_PORT=5432
+
+# Collector
+COLLECTOR_HOSTNAME=localhost
+COLLECTOR_PORT=5432
+COLLECTOR_CREDENTIAL_USER=user
+COLLECTOR_CREDENTIAL_PASSWORD=password
+COLLECTOR_NAME=collector
+
+# Services
+AUTH_SERVICE_API=http://192.168.1.82:8000/auth
+AEROS_BASE_URL=http://192.168.1.102
+WINDOWS_AEROS_BASE_URL=http://192.168.1.102:8800
+TEMPORAL_URL=http://192.168.1.86:7233
+RELIABILITY_SERVICE_API=http://192.168.1.82:8000/reliability
+
+# Aeros License (Fallback if Vault is not used)
+AEROS_LICENSE_ID=
+AEROS_LICENSE_SECRET=
+
+# Vault (Optional if using .env fallback)
+VAULT_URL=
+ROLE_ID=
+SECRET_ID=
+AEROS_SECRET_PATH=
diff --git a/src/aeros_utils.py b/src/aeros_utils.py
index 48bad4e..080dfa8 100644
--- a/src/aeros_utils.py
+++ b/src/aeros_utils.py
@@ -1,6 +1,6 @@
 import anyio
 from licaeros import LicensedSession, device_fingerprint_hex
-from src.config import AEROS_BASE_URL, WINDOWS_AEROS_BASE_URL, VAULT_URL, ROLE_ID, SECRET_ID, AEROS_SECRET_PATH
+from src.config import AEROS_BASE_URL, WINDOWS_AEROS_BASE_URL, VAULT_URL, ROLE_ID, SECRET_ID, AEROS_SECRET_PATH, AEROS_LICENSE_ID, AEROS_LICENSE_SECRET
 import logging
 from src.utils import get_vault_secrets
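Review bot: In the `.env.example` hunk, the `# Aeros License (Fallback if Vault is not used)` block presents `AEROS_LICENSE_SECRET`, and below it the Vault `SECRET_ID`, as ordinary environment-file values without saying where that is acceptable. I would state the scope in the file itself, for example `# Local development only: keep the real .env out of version control; deployed environments should read the license from Vault`. The `# Services` entries also carry private `192.168.1.x` addresses over plain `http://`, including `AUTH_SERVICE_API`; neutral placeholders such as `http://auth.example.internal/auth` (constructed value) would make it obvious they must be replaced and would keep the internal addressing out of the example.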
@@ -10,11 +10,27 @@ log = logging.getLogger(__name__)
 _aeros_session = None
 def get_aeros_session(base_url):
-
- results = get_vault_secrets(vault_url=VAULT_URL,role_id=ROLE_ID,secret_id=SECRET_ID,secret_path=AEROS_SECRET_PATH,secret_keys_to_be_returned=['aeros_license_id', 'aeros_license_secret'])
-
- if not results:
- raise Exception("Failed to get Aeros license from Vault")
+ license_id = AEROS_LICENSE_ID
+ license_secret = AEROS_LICENSE_SECRET
+
+ # If vault is configured, try to get from there
+ if VAULT_URL and ROLE_ID and SECRET_ID and AEROS_SECRET_PATH:
+ results = get_vault_secrets(
+ vault_url=VAULT_URL,
+ role_id=ROLE_ID,
+ secret_id=SECRET_ID,
+ secret_path=AEROS_SECRET_PATH,
+ secret_keys_to_be_returned=['aeros_license_id', 'aeros_license_secret']
+ )
+ if results:
+ license_id = results['aeros_license_id']
+ license_secret = results['aeros_license_secret']
+ log.info("Aeros license retrieved from Vault")
+ else:
+ log.warning("Failed to get Aeros license from Vault, trying local env fallback")
+
+ if not license_id or not license_secret:
+ raise Exception("Aeros license ID or Secret not provided (checked Vault and local .env)")
 global _aeros_session
 if _aeros_session is None:
@@ -22,8 +38,8 @@ def get_aeros_session(base_url):
 log.info(f"Encrypted Device ID: {device_fingerprint_hex()}")
 _aeros_session = LicensedSession(
 api_base=base_url,
- license_id=license_id_placeholder_removed
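Review bot: In the `@@ -10,11 +10,27 @@` hunk of `src/aeros_utils.py`, the credential lookup sits above the `if _aeros_session is None:` check, so every call to `get_aeros_session` goes to Vault and pulls the license secret into scope even when the cached session is returned; moving the lookup under that check limits it to the one call that builds the session. Two smaller gaps are in the same lines: `results['aeros_license_id']` raises `KeyError` if Vault answers with only one of the two keys, and a partly filled Vault configuration (say `VAULT_URL` set but `SECRET_ID` empty) skips Vault without any log line. It is also worth deciding explicitly whether a deployment that has Vault configured should ever continue on `.env` values after a Vault failure, since today that downgrade is only a warning. The function body continues past this hunk (old line 21 is not shown), and whether `get_vault_secrets` returns a falsy value or raises on failure is not visible here.

```python
def get_aeros_session(base_url):
    global _aeros_session
    if _aeros_session is None:
        license_id, license_secret = AEROS_LICENSE_ID, AEROS_LICENSE_SECRET
        vault_settings = (VAULT_URL, ROLE_ID, SECRET_ID, AEROS_SECRET_PATH)
        if all(vault_settings):
            # … unchanged: results = get_vault_secrets(...) with the same keyword arguments …
            vault_id = (results or {}).get('aeros_license_id')
            vault_secret = (results or {}).get('aeros_license_secret')
            if vault_id and vault_secret:
                license_id, license_secret = vault_id, vault_secret
                log.info("Aeros license retrieved from Vault")
            else:
                log.warning("Failed to get Aeros license from Vault, trying local env fallback")
        elif any(vault_settings):
            log.warning("Vault settings are incomplete; skipping Vault lookup")
        # … unchanged: missing-credential check, then the LicensedSession(...) construction …
```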
@@ -98,10 +98,10 @@ RELIABILITY_SERVICE_API = config("RELIABILITY_SERVICE_API", default="http://192.
 CLAMAV_HOST = config("CLAMAV_HOST", default="192.168.1.82")
 CLAMAV_PORT = config("CLAMAV_PORT", cast=int, default=3310)
-# AEROS_LICENSE_ID = config("AEROS_LICENSE_ID", default="")
-# AEROS_LICENSE_SECRET = config("AEROS_LICENSE_SECRET", default="")
+AEROS_LICENSE_ID = config("AEROS_LICENSE_ID", default=None)
+AEROS_LICENSE_SECRET = config("AEROS_LICENSE_SECRET", default=None)
-VAULT_URL=config('VAULT_URL')
-ROLE_ID=config('ROLE_ID')
-SECRET_ID=config('SECRET_ID')
-AEROS_SECRET_PATH=config('AEROS_SECRET_PATH')
\ No newline at end of file
+VAULT_URL=config('VAULT_URL', default=None)
+ROLE_ID=config('ROLE_ID', default=None)
+SECRET_ID=config('SECRET_ID', default=None)
+AEROS_SECRET_PATH=config('AEROS_SECRET_PATH', default=None)
\ No newline at end of file
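Review bot: With `default=None` on `VAULT_URL`, `ROLE_ID`, `SECRET_ID` and `AEROS_SECRET_PATH`, a deployment that is missing one of the four no longer fails when `src/config.py` is loaded; it starts, and the `get_aeros_session` change in this patch then skips Vault whenever any of them is empty (the blank `VAULT_URL=` form from `.env.example` included). I would check once, right after these assignments, that the four values are either all set or all unset, e.g. `_vault = (VAULT_URL, ROLE_ID, SECRET_ID, AEROS_SECRET_PATH)` followed by `if any(_vault) and not all(_vault): raise RuntimeError("Incomplete Vault configuration")`, so a typo in one variable cannot quietly move the service onto the `.env` license. If this module also reads the `ENV` setting listed in `.env.example`, requiring Vault outside `local` would keep the fallback a development convenience. A comment above `AEROS_LICENSE_ID` such as `# Fallback for local runs; Vault is used instead when all four Vault settings are present` would record the precedence; the rest of the file lies outside this hunk.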